beenull/disposable-mailbox-2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

better input validation

Browse source
This commit is contained in:
Synox 2018-03-06 22:59:15 +01:00
parent cbfa9571cd
commit df8559fe3b
4 changed files with 38 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
src/controller.php
View file

@ -18,25 +18,12 @@ abstract class Controller {
function invoke(ImapClient $imapClient) {
}
function if_invalid_redirect_to_random(User $user, array $config_domains) {
function validate_user(User $user, array $config_domains) {
if ($user->isInvalid($config_domains)) {
$this->redirect_to_random($config_domains);
$this->viewHandler->invalid_input($config_domains);
exit();
}
}
function redirect_to_random(array $domains) {
$wordLength = rand(3, 8);
$container = new PronounceableWord_DependencyInjectionContainer();
$generator = $container->getGenerator();
$word = $generator->generateWordOfGivenLength($wordLength);
$nr = rand(51, 91);
$name = $word . $nr;
$domain = $domains[array_rand($domains)];
$this->viewHandler->newAddress("$name@$domain");
}
}
class RedirectToAddressController extends Controller {
@ -73,7 +60,7 @@ class DownloadEmailController extends Controller {
function invoke(ImapClient $imapClient) {
$user = User::parseDomain($this->address, $this->config_blocked_usernames);
$this->if_invalid_redirect_to_random($user, $this->config_domains);
$this->validate_user($user, $this->config_domains);
$download_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT);
$full_email = $imapClient->load_one_email_fully($download_email_id, $user);
@ -102,7 +89,7 @@ class DeleteEmailController extends Controller {
function invoke(ImapClient $imapClient) {
$user = User::parseDomain($this->address, $this->config_blocked_usernames);
$this->if_invalid_redirect_to_random($user, $this->config_domains);
$this->validate_user($user, $this->config_domains);
$delete_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT);
if ($imapClient->delete_email($delete_email_id, $user)) {
@ -121,7 +108,8 @@ class RedirectToRandomAddressController extends Controller {
}
function invoke(ImapClient $imapClient) {
$this->redirect_to_random($this->config_domains);
$address = User::get_random_address($this->config_domains);
$this->viewHandler->newAddress($address);
}
}
@ -135,11 +123,10 @@ class DisplayEmailsController extends Controller {
$this->config = $config;
}
function invoke(ImapClient $imapClient) {
// print emails with html template
$user = User::parseDomain($this->address, $this->config['blocked_usernames']);
$this->if_invalid_redirect_to_random($user, $this->config['domains']);
$this->validate_user($user, $this->config['domains']);
$emails = $imapClient->get_emails($user);
$this->viewHandler->displayEmails($emails, $this->config, $user);

16
src/json-api.php
View file

@ -13,20 +13,24 @@ require_once 'router.php';
class RestRouter extends Router {
function route(): Controller {
if ($this->action === "download_email"
if ($this->method === "GET"
&& $this->action === "download_email"
&& isset($this->get_vars['email_id'])
&& isset($this->get_vars['address'])) {
return new DownloadEmailController($this->get_vars['email_id'], $this->get_vars['address'], $this->config['domains'], $this->config['blocked_usernames']);
} elseif ($this->action === "delete_email"
} elseif ($this->method === "DELETE"
&& isset($this->get_vars['email_id'])
&& isset($this->get_vars['address'])) {
return new DeleteEmailController($this->get_vars['email_id'], $this->get_vars['address'], $this->config['domains'], $this->config['blocked_usernames']);
} elseif ($this->action === 'get_random_username') {
} elseif ($this->method === "GET"
&& $this->action === 'random_username') {
return new RedirectToRandomAddressController($this->config['domains']);
} elseif ($this->action === 'get_emails' && isset($this->get_vars['address'])) {
} elseif ($this->method === "GET"
&& $this->action === 'emails'
&& isset($this->get_vars['address'])) {
return new DisplayEmailsController($this->get_vars['address'], $this->config);
} else {
@ -68,6 +72,10 @@ class JsonViewHandler implements ViewHandler {
function downloadEmailAsRfc822($full_email, $filename) {
$this->json(array('status' => "success", 'body' => $full_email));
}
function invalid_input($config_domains) {
$this->error(400, 'Bad Request');
}
}

12
src/user.php
View file

@ -5,6 +5,18 @@ class User {
public $username;
public $domain;
public static function get_random_address(array $domains): string {
$wordLength = rand(3, 8);
$container = new PronounceableWord_DependencyInjectionContainer();
$generator = $container->getGenerator();
$word = $generator->generateWordOfGivenLength($wordLength);
$nr = rand(51, 91);
$name = $word . $nr;
$domain = $domains[array_rand($domains)];
return "$name@$domain";
}
public function isInvalid(array $config_domains): bool {
if (empty($this->username) || empty($this->domain)) {
return true;

7
src/view.php
View file

@ -15,6 +15,8 @@ interface ViewHandler {
function newAddress($string);
function downloadEmailAsRfc822($full_email, $filename);
function invalid_input($config_domains);
}
@ -42,4 +44,9 @@ class ServerRenderViewHandler implements ViewHandler {
header("Content-Disposition: attachment; filename=\"$filename\"");
print $full_email;
}
function invalid_input($config_domains) {
$address = User::get_random_address($config_domains);
$this->newAddress($address);
}
}